Cluster Organization Scheme of SSG DPI [VAS Experts Documentation]

Cluster Organization Scheme of SSG DPI

The complex is a high-performance, scalable cluster designed for real-time network traffic analysis and management at OSI model levels L2-L7, consisting of the following elements:

  1. External optical bypass (Bypass Switch) with replaceable optical modules, enabling connection of SM (1310nm) or MM (850nm) lines
  2. Traffic aggregator (load balancer) Network Packet Broker (NPB)
  3. SSG DPI server cluster
  4. Virtualization cluster for deploying the Network Management System (NMS) with a graphical interface (DPIUI2). It also includes FTP servers, Syslog for collecting logs from system components, an HTTP web server for centralized loading of blacklists, and a Zabbix monitoring system.
  5. QoE Stor data storage complex for generating statistical and analytical reports, providing long-term storage of aggregated information
  6. A set of necessary cables for switching and QSFP28/QSFP/SFP28/SFP+ modules
  7. Redundant switches for combining solution components and management

The complex is designed for in-line installation and supports the following Ethernet interface types:

  • 10G-BASE SR/LR
  • 25G-BASE SR/LR
  • 40G-BASE SR4/LR4
  • 100G-BASE SR4/LR4

Encapsulations supported: MPLS, IPinIP, VLAN, QinQ, GRE.

1xNPB up to 1Tbps:

The telecom operator's links are connected "in-line" to the traffic balancing devices via an optical bypass, which ensures network protection in case of hardware component failure or software malfunction. The traffic balancer distributes flows between nodes so that both directions of a session pass through the same DPI node (symmetric session-aware load balancing L3/L4). The entire complex operates as a transparent L2 device and generally does not require additional settings on the operator's side or changes to the logical network design.

In the case of asymmetric traffic (outgoing traffic passes through one SSG DPI site/cluster, and incoming traffic through another site), only a copy of the OUTGOING traffic needs to be sent from one site to the other. This ensures that ALL outgoing traffic reaches the SSG DPI clusters at the different sites, eliminating traffic asymmetry. Note that outgoing traffic makes up 10% of incoming traffic, so mirroring between sites does not require wide channels and does not increase the DPI cluster load.

The cluster provides redundancy based on the N+X principle by adding redundant DPI nodes. If one or more DPI nodes fail, traffic is rebalanced within the "resilience" margin built into the cluster: the balancer disables the faulty node and redirects its traffic to the remaining DPI nodes. If a larger number of devices fails, or the balancer itself fails, the system is put into bypass mode (configurable behavior). Each DPI node generates heartbeat messages towards the balancing devices, which in turn manage the bypass switches directly, monitoring both signal integrity in the line and the operational status of power and software, thus ensuring the overall operational integrity of the DPI cluster and balancers.
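The symmetric balancing and N+X failover described above can be modelled in a few lines. This is an added example, not VAS Experts code: the page does not say how the NPB hashes flows, so rendezvous hashing, the heartbeat timeout, the `BYPASS` sentinel and the node names are all assumptions.

```python
import hashlib
import ipaddress

BYPASS = "BYPASS"  # sentinel (assumed name): hand the links to the optical bypass


def flow_key(src_ip, dst_ip, src_port, dst_port, proto):
    """Direction-independent L3/L4 key: A->B and B->A produce the same bytes."""
    left = (ipaddress.ip_address(src_ip).packed, src_port)
    right = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((left, right))  # canonical endpoint order removes direction
    return b"".join(ip + port.to_bytes(2, "big") for ip, port in (lo, hi)) + bytes([proto])


def pick_node(key, nodes):
    """Rendezvous hashing (assumed algorithm): when a node drops out, only its flows move."""
    return max(nodes, key=lambda n: hashlib.sha256(n.encode() + key).digest())


class Balancer:
    def __init__(self, nodes, required, heartbeat_timeout=3.0):
        self.last_seen = {n: float("-inf") for n in nodes}
        self.required = required          # N: nodes needed to carry the load
        self.timeout = heartbeat_timeout  # seconds without a heartbeat => node is faulty

    def heartbeat(self, node, now):
        self.last_seen[node] = now

    def healthy(self, now):
        return sorted(n for n, t in self.last_seen.items() if now - t <= self.timeout)

    def route(self, pkt, now):
        alive = self.healthy(now)
        if len(alive) < self.required:    # more than X nodes lost
            return BYPASS
        return pick_node(flow_key(*pkt), alive)


if __name__ == "__main__":
    lb = Balancer(["dpi1", "dpi2", "dpi3", "dpi4"], required=3)  # N=3, X=1
    for n in lb.last_seen:
        lb.heartbeat(n, now=10.0)
    out = ("10.0.0.5", "203.0.113.7", 40000, 443, 6)   # constructed sample flow
    back = ("203.0.113.7", "10.0.0.5", 443, 40000, 6)  # its reverse direction
    print(lb.route(out, 11.0), lb.route(back, 11.0))   # same node for both directions
```

In bypass mode traffic passes without inspection, so a transition to `BYPASS` is an event worth alerting on in the monitoring system.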

A key feature of the system is its simple scalability — throughput is increased by linearly adding DPI devices and balancers to the system.

2xNPB up to 2Tbps:

3xNPB up to 3Tbps:

4xNPB up to 4Tbps:

The complex is managed through the web-based DPIUI2 subsystem. DPIUI2 enables management of profiles and services for subscribers or downstream operators (including BGP signaling), traffic processing policies, including policing, filtering rules (blacklists and whitelists), custom protocols, reporting, etc. Standardized interfaces/APIs are available for integration with third-party systems. SSG DPI implements the 3GPP paradigm; as an additional option and within a separate technical solution, subscriber profile and service management can be integrated through the built-in PCRF module, with support for RADIUS and Gx/Gy DIAMETER interfaces.

The package includes a data storage system and a report designer, allowing for customized reports. The report designer provides statistics on users, operators, IP addresses, subnets, autonomous systems, network protocols, applications, and their combinations, offering the customer complete network transparency and Quality of Experience support. The system can store both raw IPFIX data and aggregated data.